Dear SAIS Members,
In May, we learned from an independent cybersecurity researcher of a vulnerability limited to a part of the SAIS Accreditation Portal involving documents uploaded during the accreditation process and stored in an Amazon (S3) file repository. We immediately conducted an internal evaluation of the potential exposure and took actions to secure the portal. At the time, we believed the potentially publicly accessible information did not include sensitive information.
On Friday, we learned that the independent cybersecurity researcher may have had access to more information than we originally believed, including information that may have been uploaded to the portal although not required by the SAIS accreditation process. At this time, we are not aware of, and have no reason to believe that, any third party other than the independent security researcher accessed or attempted to access this information without authorization.
Our investigation is ongoing and we are currently not aware of any SAIS members whose data may have been affected by this incident. We are investigating, among other things, whether sensitive information that may accompany accreditation reports such as personnel and student health and other personal information, school finances, or school security planning was publicly accessible and to what extent. To this end, we have undertaken or will undertake the following:
- We immediately engaged legal counsel well versed in data and cybersecurity to investigate with forensic experts to determine the extent of information that may have been accessible and whether it was, in fact, accessed by an unauthorized party.
- We will keep members updated as we learn more from the investigation and will be in immediate contact with member schools whose data may have been affected by this incident.
- We will provide support to member schools as needed including those schools impacted as well as other schools as requested.
- With the help of the cybersecurity experts we will develop protocols to further fortify the safety of the data maintained in the portal.
The security of member school information is our highest priority. We value each and every member school and appreciate the trust you place in SAIS. We will be providing updates as soon as we have additional information to share.